From 4809ac0fd0466b0d2e798519f8a0584b5b577f1c Mon Sep 17 00:00:00 2001
From: Cecylia Bocovich
Date: Mon, 13 May 2019 16:47:56 -0400
Subject: [PATCH 1/3] Make stack non-executable Fixes a bug where go programs that rely on this library have executable stacks. In order to build this library with these ld flags, the environment variable CGO_LDFLAGS_ALLOW must be set to a regex that will accept the -z flag. The value "-z|noexecstack" is sufficient. Otherwise the build will fail with the message "invalid flag in #cgo LDFLAGS". This is due to the whitelisting of allowed flags for security purposes.
---
 datachannel.go | 2 +-
 peerconnection.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/datachannel.go b/datachannel.go
index 651f6d0..2813391 100644
--- a/datachannel.go
+++ b/datachannel.go
@@ -8,7 +8,7 @@ package webrtc
 /*
 #cgo CXXFLAGS: -std=c++0x
-#cgo LDFLAGS: -L${SRCDIR}/lib
+#cgo LDFLAGS: -L${SRCDIR}/lib -z noexecstack
 #cgo android pkg-config: webrtc-android-armeabi-v7a.pc
 #cgo linux,arm pkg-config: webrtc-linux-arm.pc
 #cgo linux,386 pkg-config: webrtc-linux-386.pc
diff --git a/peerconnection.go b/peerconnection.go
index e1f1726..8fee113 100644
--- a/peerconnection.go
+++ b/peerconnection.go
@@ -31,7 +31,7 @@ package webrtc
 /*
 #cgo CXXFLAGS: -std=c++0x
-#cgo LDFLAGS: -L${SRCDIR}/lib
+#cgo LDFLAGS: -L${SRCDIR}/lib -z noexecstack
 #cgo android pkg-config: webrtc-android-armeabi-v7a.pc
 #cgo linux,arm pkg-config: webrtc-linux-arm.pc
 #cgo linux,386 pkg-config: webrtc-linux-386.pc
From 90a6f2a032b9e471262688c257b139836b7f1b28 Mon Sep 17 00:00:00 2001
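Review bot: Writing the flag as bare `-z noexecstack` on the `#cgo LDFLAGS` line in datachannel.go (PATCH 1/3) makes every downstream build depend on `CGO_LDFLAGS_ALLOW`, and a consumer who works around the failure with an over-broad regex switches off the allowlist's protection entirely. As far as I know Go's default allowlist already accepts the `-Wl,` spelling, so `#cgo LDFLAGS: -L${SRCDIR}/lib -Wl,-z,noexecstack` should need no environment variable; this is worth confirming against the Go versions the project supports. The flag only overrides the stack marking at link time, so a comment naming the object that lacks the `.note.GNU-stack` marking (presumably in the prebuilt library under lib/) would tell maintainers when it can be dropped. The result can be checked with `readelf -lW` on a built binary, where `GNU_STACK` should show `RW` without `E`. The same applies to the peerconnection.go hunk of this patch.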
From: Cecylia Bocovich
Date: Tue, 14 May 2019 11:04:50 -0400
Subject: [PATCH 2/3] Update .travis.yml to allow LD flags In order to build go-webrtc with a nonexecutable stack, we need the the LD flag `-z noexecstack`. However, LD flags are whitelisted in Go for security reasons. We need to supply an environment variable with a regex that allows this flag.
---
 .travis.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index 9cddab2..16af08a 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -14,8 +14,9 @@ matrix: dist: xenial sudo: required go: 1.6 - env: CC="gcc-5" CXX="g++-5" OS="linux" + env: CC="gcc-5" CXX="g++-5" OS="linux" CGO_LDFLAGS_ALLOW="-z|noexecstack" - os: osx + env: CGO_LDFLAGS_ALLOW="-z|noexecstack" install: - go get -u github.com/smartystreets/goconvey
From 282783136f7f6999c21bad2a61268049211d92ab Mon Sep 17 00:00:00 2001
From: Cecylia Bocovich
Date: Tue, 21 May 2019 11:35:21 -0400
Subject: [PATCH 3/3] Add target-specfic flags for ld
---
 datachannel.go | 3 ++-
 peerconnection.go | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/datachannel.go b/datachannel.go
index 2813391..217be8c 100644
--- a/datachannel.go
+++ b/datachannel.go
@@ -8,7 +8,8 @@ package webrtc
 /*
 #cgo CXXFLAGS: -std=c++0x
-#cgo LDFLAGS: -L${SRCDIR}/lib -z noexecstack
+#cgo linux LDFLAGS: -L${SRCDIR}/lib -z noexecstack
+#cgo darwin LDFLAGS: -L${SRCDIR}/lib
 #cgo android pkg-config: webrtc-android-armeabi-v7a.pc
 #cgo linux,arm pkg-config: webrtc-linux-arm.pc
 #cgo linux,386 pkg-config: webrtc-linux-386.pc
diff --git a/peerconnection.go b/peerconnection.go
index 8fee113..37f2d47 100644
--- a/peerconnection.go
+++ b/peerconnection.go
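Review bot: The Linux job in the .travis.yml hunk (PATCH 2/3) pins `go: 1.6`, which as far as I know predates cgo's linker-flag allowlist, so `CGO_LDFLAGS_ALLOW` is likely ignored there and the job cannot show that the regex actually admits the flag. A matrix entry on a current Go release would exercise the allowlist path that downstream users will hit. It would also be cheap to assert the outcome after the build, for example a script step that fails unless `readelf -lW` on the test binary reports `GNU_STACK` without the `E` flag. The matrix block starts and ends outside the hunk, so other entries may already cover newer Go versions.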
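Review bot: In the datachannel.go hunk of PATCH 3/3 the search path `-L${SRCDIR}/lib` is now attached only to the linux and darwin lines, so any other GOOS gets no LDFLAGS from the visible directives, and the path is written twice. Keeping `#cgo LDFLAGS: -L${SRCDIR}/lib` unconditional and adding `#cgo linux LDFLAGS: -z noexecstack` would leave the hardening flag as the only target-specific part. A short comment saying why darwin omits the flag (presumably because its linker rejects `-z`) would keep someone from "fixing" the asymmetry later. The same applies to the peerconnection.go hunk; the cgo preamble continues past both hunks, so directives I cannot see may already cover other targets.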
@@ -31,7 +31,8 @@ package webrtc
 /*
 #cgo CXXFLAGS: -std=c++0x
-#cgo LDFLAGS: -L${SRCDIR}/lib -z noexecstack
+#cgo linux LDFLAGS: -L${SRCDIR}/lib -z noexecstack
+#cgo darwin LDFLAGS: -L${SRCDIR}/lib
 #cgo android pkg-config: webrtc-android-armeabi-v7a.pc
 #cgo linux,arm pkg-config: webrtc-linux-arm.pc
 #cgo linux,386 pkg-config: webrtc-linux-386.pc